Researchers Reveal System To Detect App Clones on App Markets

Millions of Android app users are currently using cloned apps, malware
designed to mimic legitimate apps but with malicious code embedded to display
advertising or steal private information, according to researchers from
Penn State and China's Chinese Academy of
Sciences.

While methods of detecting app clones already exist, they are not scalable
and cannot search for clones across multiple Android app markets, according to information released by Penn State. The researchers have developed a new method they
say is more accurate and scalable and that can perform cross-market app clone
detection in less than one hour.

Current app clone detection systems examine the control flow and data
dependencies inside code fragments. The researchers' new system compares method
pairs (MPs), which are pairs of code fragments, by creating a control flow
graph (CFG) of those method pairs. Each CFG has a geometric characteristic
called a centroid, which is the geometric center of a two-dimensional region and
the arithmetic mean position of all points in the shape, according to Penn State. The researchers discovered that they can compare these
centroids to distinguish cloned from non-cloned method pairs.

"If two methods in a pair have the same centroid, the MP is almost certain to
be cloned. Alternatively, if two methods in an MP have different centroids, the
MP is 99 percent to be not-cloned," according to Penn State.

The researchers tested their system on 150,145 apps on five Android markets.
After generating centroids only once for the method pairs, they were able to
complete the cross-market app clone detection in less than one hour. According
to the researchers, their system enables them to "achieve high accuracy without
sacrificing scalability when detecting cloned methods."

Implementing this new approach to app clone detection could benefit users,
app developers and app market managers. Users would be less vulnerable to
installing cloned apps, and legitimate app developers would lose less revenue to
app clones. According to a recent study cited in the researchers' paper, "14
percent of the advertising revenue and 10 percent of the user base for a
developer are diverted to app clones on average."

The researchers plan are developing a site where users will be able to upload
their apps to find out whether they are authentic or clones. The researchers
said they hope to have the site up by the end of this year.

About the Author

Leila Meyer is a technology writer based in British Columbia. She can be reached at leilameyer@gmail.com.

Sponsored Links

Webcasts

Whitepapers

Louis Zulli Jr., technology coordinator, IT instructor and network administrator for The Center for Advanced Technologies (CAT), has led a technological transformation beginning over two years ago that has resulted in a highly regarded magnet program—ranked as one of the top five STEM programs in the country by the University of Connecticut—that makes heavy use of current technologies like Dell tablets and computers running Microsoft Windows 10.
Read more...